I have a 7206VXR which serves as a VPN concentrator. In fact, there are several dozens of VPNs defined on this machine. For some reason, a recently defined VPN doesn't reach the QM_IDLE state (it stops at MM_NO_STATE). Obviously, it doesn't work.
Every VPN is placed into different VRF so there is no connection among the tunnels. But it seems that the "debug crypto isakamp" command doesn't have any extension regarding VRFs or debugging a particular gateway. So running the "crypto isakamp" debug isn't quite helpful. The problem is that it gives every piece of information it can regarding all gateways and does not separate between them. So all I have it's a huge mess of a debug output.
How can I restrict the "crypto isakamp" debug to a particular gateway / VRF?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...